
The Symantec Endpoint Protection Support Tool is a standalone executable used for a number of different support, diagnostic and malware troubleshooting purposes. The SEP Support Tool is typically run locally and interactively. This document introduces the idea of running the SEP Support Tool remotely across the network.

The challenge of Multiple System Remote Diagnostics

In the ongoing effort to combat the malware deluge, companies are occasionally faced with the task of running the SEP Support Tool on multiple machines across the network. In some instances, due to the number of systems involved or simply due to time constraints, some companies find themselves tasking IT personnel to manually connect to each machine over Remote Desktop, upload the SEP Support Tool utility, and execute it interactively. This is often not burdensome when the task needs to run on a single system once a week, once a month, or once a year. On the other hand, some customers want to run the SEP Support Tool utility more frequently and want a way to automate the upload, execution, and retrieval of the results. This document attempts to answer that need.

Some organizations already possess the capability to remotely deploy software with their software management system; for those customers this document may only serve as an exception process. This process is especially useful when task creation in software management systems is out of the question due to the small number of machines involved or deployment package development time constraints. Organizations that do not possess an endpoint management or software delivery system can benefit from this alternative remote SEP Support Tool data collection solution.

Hope you are having a great day. I've put some notes below. Please follow these steps and you will tend to have success. The last note on network connection type should be pursued if the reputation information fails to load. I tried to find out where you were posting from by looking at your profile google and couldn't determine your location, so in case you are using a non-English Windows OS, please note that SEPSupportTool is not tested on non-English systems, as stated here: http://www.symantec.com/business/support/index?page=content&id=TECH105414

Steps to get the reputation data:

Execute sep_supporttool.exe -fg -lp -noup -s -out %TEMP%
Wait for execution to finish.
cd %TEMP%
Copy name.sdb to another computer that has internet access.
Execute SEP_supporttool.exe by double-clicking it.
Click on "Open a report" on the top left-hand side of the SEP_SupportTool GUI.
Select the SDB file.

The following message pops up:

"When running the Load Point check, the computer was unable to access the Symantec Reputation database! Would you like to use Symantec's Reputation database to re-check the unsigned Load Point files?
NOTE: This will update the file:
FILENAME.sdbz"

Click Yes

Wait

Upon completion
Click on "Load Points: 5 items"
Click on "Windows Load Points: Analysis"
Scores are listed here on the left-hand side, colored green or red depending on the rating.

Please note that the sdbz file should be copied after the SEP_SupportTool has completed 100%. During the SEPSupportTool execution it creates a file named %machinedate%.sdb; please do not copy the file until SEP_SupportTool has finished.

I've run this procedure dozens of times with no problem. If you are having issues with the reputations being looked up, try running it on a machine with a different type of network access. For example, if in a proxy environment, try a non-proxied connection.
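
The collection steps above (run with the quoted switches, wait for completion, then copy the report) as a PowerShell script. This is an added example, not part of the original post or Symantec's own tooling. The tool path and destination share are assumptions, and the extension filter accepts both .sdb and .sdbz because the post mentions both.

```powershell
# Added example. The switches are the ones quoted in the post; paths are assumptions.
$Tool    = 'C:\Tools\sep_supporttool.exe'   # assumed location of the tool
$OutDir  = $env:TEMP                        # same output folder as in the post
$DestDir = '\\fileserver\sepreports'        # hypothetical share reachable from the analysis machine

function Test-FileReleased([string]$Path) {
    # True only when no other process still holds the file open.
    try {
        $fs = [System.IO.File]::Open($Path, 'Open', 'Read', 'None')
        $fs.Close()
        return $true
    } catch [System.IO.IOException] {
        return $false
    }
}

$started = Get-Date

# -Wait blocks until the tool exits, so the report is not picked up mid-run.
Start-Process -FilePath $Tool -Wait `
    -ArgumentList '-fg', '-lp', '-noup', '-s', '-out', "`"$OutDir`""

# Pick the newest report written during this run.
$report = Get-ChildItem -Path $OutDir -File |
    Where-Object { ($_.Extension -in @('.sdb', '.sdbz')) -and ($_.LastWriteTime -ge $started) } |
    Sort-Object LastWriteTime -Descending |
    Select-Object -First 1
if (-not $report) { throw "No report was written to $OutDir" }

# Guard against copying a partial file: wait until the report is no longer locked.
$deadline = (Get-Date).AddMinutes(10)
while (-not (Test-FileReleased $report.FullName)) {
    if ((Get-Date) -gt $deadline) { throw "Report still locked: $($report.Name)" }
    Start-Sleep -Seconds 5
}

# Hash before and after the copy so a truncated transfer is detected.
$hash = (Get-FileHash -Path $report.FullName -Algorithm SHA256).Hash
Copy-Item -Path $report.FullName -Destination $DestDir
$copied = Join-Path $DestDir $report.Name
if ((Get-FileHash -Path $copied -Algorithm SHA256).Hash -ne $hash) {
    throw "Hash mismatch after copy: $copied"
}
'{0}  {1}' -f $hash, $copied
```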

A fellow coworker has added content to the whitepaper. It now contains a means to run SEPSupportTool via the Host Integrity Component of SEP 11.x or 12.x. This requires a Self Enforcement license (NAC).